Updated September 29th, 2019
Update – Darknetstats wins again. We were the first one to break the story that dread was compromised. Now we see that darkfail and its sister site darknetlive are spreading fake fabricated stories about “deadman switch” and hugbunter’s whereabouts which is absurd and has nothing to do with reality. It seems like our article triggered the so called “deadman switch”. We suspect that they will announce the return of hugbunter in the next few days. Don’t forget the Hansa Episode when Dutch law enforcement took over it and operated it for 1 month. We urge you to stay away from dread as much as possible. It’s compromised.
Dread, A reddit style deepweb forum has been allegedly compromised by law enforcement according to the reports from insiders working closely with their admin. We are trying to independently verify their claims. The forum has been offline for weeks, leaving its users wondering about the future of the site and whereabouts of its admin “Hugbunter”.
The dread forum suffered several downtimes in its life span due to ddos attacks. These downtimes were 1 to 2 days maximum and the users were informed about the status through their reddit’s page.
This time things were a bit different as compared to the previous downtimes. The downtime started at september 12th. The site went offline for 2 days but then the admin updates the status on september 14th that the site will be up today. He was right the site was up for some hours and then it went offline again.
This is when it goes offline for 4 days straight. There was no communication from the admin Hugbunter and users started to wonder about the site’s fate. That’s when Hugbunter made an announcement on reddit that the ddos attack was reponsible for the downtime has been mitigated but now they were having scalability issues and needed time to do some upgrades.
The attack was mitigated but we are now facing a scalability issue causing the current down time, upgrades that I have been trying to complete for a while to provide increased stability across the platform have proven to take much longer than expected, however they were required to prevent these issues. I will make server upgrades to avoid it temporarily within the coming hours, however I cannot assure uptime until this evening at the earliest. I sincerely apologize for the inconvenience this will cause, I’m working on it non-stop right now.Hugbunter’s announcement on reddit
In the announcement on 18th september above he goes to say that he cannot assure uptime until this evening but things were different in reality.
Four days passed by and we heard nothing from him. Then on 23rd September we see a notice on their forum which says
Working on a huge update to provide increased stability as the platform grows further and will reduce a whole lot of spam and phishing. The update includes a variety of bug fixes and new features and should be ready to go live by this evening. I am extremely sorry for the downtime and lack of communication right now, this is the biggest update to the codebase that I will have performed and completely restructures everything behind the scenes. Thank you for your continued patience.Hugbunter’s announcement on dread’s front page
Now today September 27th at the time of writing this article we see the same old announcement on their front page that the forum ” should be ready to go live by this evening. ” which is of course far from reality.
Tip From A Former Mod & Close Aide Of HugBunter
As usual we keep an eye on everything dark web related and this was no exception. We already knew something was going on behind the scenes but we couldn’t get a clue what it was.
We have good amount of insider resources that keep us updated about the latest happenings related to dark web.
Yesterday we finally got a breakthrough when John Marsh (the admin of darknetstats) contacted me about the tip he got from a former dread Mod and a close aide of hugbunter. He shared the screenshots and gave me a full overview of the situation.
Former dread mod and close aide of hugbunter wanted to remain anonymous so that’s why we will not be sharing his name but we will share the message we got from him in which he states.
Hey man, i got a news for you. We haven’t be able to contact hugbunter for almost 2 weeks. Before that he was acting strangely. He was asking for my cell number and wanted to arrange a meet up. I suspect it is highly likely that he got picked up by L.E because he was talking weirdly. Never happened something like this before. Now his forum is down. I think L.E have access to his private key now and it seems like they are busy changing the code base of his forum to track down Market admins and vendors who are active at his forum.
I give you the full authority to share this with everyone but please don’t share my name. I want to remain anonymous and stay away from this mess.Message from former dread mod and close aide of hugbunter
A screenshot of the email we received from a former dread mod and hugbunter’s aide.
Here is the screenshot of the full message we received from him yesterday.
Let’s Examine The Proof We’ve Got So Far
We need to examine the proof we’ve got so far. We need to study the proof in detail so that we can come to the conclusion. Let’s get into it step by step.
Pgp Message from Former Mod & Co-developer
The most convincing proof we’ve got is the pgp signed message from a former mod and close aide of hugbunter. By close aide we mean that he was so close to hugbunter that they were co developers of the original source code of dread. In the pgp signed message he clearly mentions the reasons that his friend has been picked up by the L.E. This is the biggest proof we got but this doesn’t stops here.
No Canary Update
What is canary? In simple words it is a pgp signed proof from the owner which proves that the server and its resources are owned by him and it is updated daily. If it is not updated in a certain time then it is a proof that the server is taken over by someone else.
According to hugbunter himself he says that he updates his canary everyday. If i don’t update the canary for a maximum of 3 days then consider the server as compromised.
Well, right now its been 12 days and we don’t see his canary updates nor do we see any pgp signed messages from sep 18th. Big Proof again.
No Relation of Server Scalability & Development Updates With Downtime
Hugbunter comes with different excuses on different time intervals. He says that he wants to improve stability across the platform so he’ll need to upgrade the code and it’ll take a few hours and then in another message he goes to say that he will apply the updates no later than evening so everything will be fine. But in reality it took weeks and still its down with no communication from him. This is a big red flag.
As a developer myself when a smaller update to the code is needed then we simply turn on the development mode and add a notice on the front end about the downtime and it usually takes no more than 1 to 2 hours. But when we need a big update to the code then we do all the development on our local server and apply the updates to the live server. This is the way every developer applies the update. So it is a clear lie and we highly suspect that there is someone else behind his servers.
Why Law Enforcement Needs to Take Over a Forum?
This is very simple to understand. They need to take it over due to the following main reasons.
- To unmask the locations of Market admins and Big Vendors advertizing their stores. When le is controlling the source then they can get the real ip without any problem. There are lots of ways to get the real ip of tor users for a reference you can read iovation or threat metrix’s patents or informative pages.
- To get analytics and read the darknet user’s behaviours
- To get important information about how darknet users operate, read their personal messages and use the data to prosecute them
- To bring down the morale of darknet users
- To spread fear and uncenrtainity
At this point we’ve got overwhelming proof and we are safe to say that Dread is taken over by law enforcement. But we will need even more proof which we hope we will get as the time passes. We will update this article soon.
Stay safe guys